Featured

This column was written by Gavin Dunaway, U.S. Editor at AdMonsters, the global community of ad operations and technology leaders.

UDID was a problem. First off, the 40-digit alphanumeric codes giving unique identifiers to Apple mobile devices based on hardware details had no consumer opt-out functionality – no blocking, removing, what have you. Second, the read-only identifier was static – even if a phone exchanged owners, the UDID was imprinted forever.

With cookies rendered useless in the app environment and no other tracking tools available within the iOS platform, advertisers, publishers and developers took advantage of Apple’s offering of UDID for tracking – Apple was using the identifiers to track behaviors across its own apps. However, the UDID was quickly employed for ad targeting, something Apple supposedly never intended. The lid to the public was blown off this practice in a late 2010 Wall Street Journal article rather sensationally titled, “Your Apps Are Watching You.”

It’s arguable that it doesn’t take much work to jump from a set of cookies to an actual person – the gap between a UDID and its actual user was minimal at best. The stigma around UDID was tangible for all in the digital advertising community, but alternatives were non-existent.

The UDID’s profile began to wane in August 2011, when Apple responded to privacy concerns by depreciating developer access during the launch of iOS 5. No new apps would have UDID privileges and the company strongly encouraged all other app-makers to shake the habit. The ad tech community wigged out a bit – their only app tracking and targeting lifeline within the most popular mobile platform was being severed.

At that time, the Apple Developer documentation suggested creating “a unique identifier specific to your app.” In a horrendously fragmented digital advertising market, a slew of identifiers flooding the market sounded like a whole new nightmare. So mobile technology companies began developing their own identifier projects like OpenUDID and ODIN, some with the ability to recognize and match other players’ identifiers, others using hashing to promote anonymity.

The launch of iOS 6 the next year revealed that Apple was slowly but completely cutting off UDIDs in favor of its new sanctioned tracking tool, Identifier for Advertisers (IFA or IDFA).

“We never considered UDID a privacy safe identifier, but as soon as they upgraded to IDFA we started using it,” said Are Traasdahl, President and Founder of Tapad.

Labeled by Apple as a “non-personal device identifier,” IFA is a software-based, 40-digit identifier that acts like a persistent first-party cookie. Apps can send along the IFA with ad calls, but it is not linked to Javascript in mobile browsing. A consumer opt is available: to reset the IFA, a user needs simply to go to General -> About -> Advertising, where he or she can also choose to limit ad tracking. (This path is changing in iOS7, according to reports.) “Limiting ad tracking” disables advertisers’ ability to use the ID in targeting ads.

This would suggest the opt-out is similar to the Digital Advertising Alliance’s Online Behavioral Advertising initiative, a supposed best-of-both-worlds compromise: consumers deny advertisers the ability to serve targeted ads, but advertisers and publishers can still use data for purposes such as frequency capping. However, this also enables advertisers and technology firms to amass user information into profiles that would not be used for ad targeting but possibly lookalike modeling. This is considered the “aggressive interpretation.”

Prior to the launch of iOS7 this fall, Apple notified app developers that “Starting May 1, the App Store will no longer accept new apps or app updates that access UDIDs. Please update your apps and servers to associate users with the Vendor or Advertising identifiers introduced in iOS 6.” That’s right: apps still relying on UDID could get booted from the app store.

Apple also announced it was shutting down developer access to the Media Access Control (MAC) address – the unique identifier assigned to devices on networks that media companies employed for tracking and targeting. Apple reiterated its claim from the iOS6 launch: “In the future, all apps will be required to use the Advertising Identifier.”

IFA was heralded on its release by the ad tech community (“sets the standard”), and migration away from UDID has ramped up over the last year. Other unique identifier initiatives, which had failed to garner much adoption, faded even further into obscurity.

Of course, privacy advocates disparaged the new tool (“Apple is tracking you again”) with many noting that the announcement of the new unique identifier was not prominently promoted in the iOS6 announcement. They suggested that while IFA was good for business, consumers would be less than pleased (even outraged) at having an ID tied to their most personal device. Is it enough that IFA can be reset at any time and access can be limited?

IFA is a solid gateway for analyzing a much larger shift in how digital media companies track and target. A variety of companies have developed or ported an array of solutions for mobile tracking across mobile web and apps, but they all have one thing in common: they’re centered around device identification.

Device identification is arguably the key to unlocking the greatest challenge in this increasingly fragmented media space – cross-device marketing. Not just giving advertisers the ability to fairly accurately measure campaigns across a host of devices, but also enabling publishers to link and segment their audiences across devices with a high probability.

But device identification is already sparking a privacy debate, one that could grow to make the ongoing brouhaha over cookies look like little more than a kerfuffle. Publishers and agencies are wary of the privacy concerns and hesitant to embrace the technology. Never before has digital tracking become so personal, and never before has the argument for consumer privacy controls been so compelling.

In Search of Audience

Don’t let anyone ever tell you there are no cookies on mobile. Even third-party cookies can be dropped and read depending on which mobile browser is being employed (ahem, Chrome). For example, when you enter login information on a mobile website, how do you think that site remembers you when you stroll back later in your session? Old-fashioned (namely first-party) cookie power.

The mobile cookie bears more than a passing resemblance to its desktop cousin: it’s a retrievable token or ID that’s dropped in HTML5 local storage. However, on iOS and Android, cookies are “sandboxed”; they can be used in the browser, but they’re walled off from apps. An app can employ a cookie by briefly opening and closing a browser window, but the information stored remains solely in that specific app’s purview. That means digital media players who want to use mobile cookies for tracking and targeting across mobile web and apps in a manner similar to desktop are plain out of luck.

Is that a bad thing? The cookie’s purpose has long been bastardized from its original inception – a tool for retaining items in e-commerce shopping carts. Besides, many believe the days of the cookie are numbered – well, at least the third-party cookie, which has become pariah no. 1 for browsers. Mozilla’s Firefox recently joined Apple’s Safari in rejecting third-party cookies. Microsoft made the decision last year to switch “do not track” on by default on Internet Explorer 10. (The effectiveness of that move is complicated by the refusal of many media companies to recognize the signal, a protest supported by the Digital Advertising Alliance.) In the browser arm race where Chrome by Google (always a friend to third-party cookies) is rapidly gaining market share, other browsers are using privacy via third-party cookie bans as a marketing differentiator.

However, desktop cookies have become vital tools on the buy and sell sides (and definitely in between). They offer publishers the ability to better understand audience characteristics and behavior, and then possibly use this insight to segment audiences for direct and indirect buyers, ultimately boosting the value of their inventory. As mobile content consumption ramps up via smartphone penetration and takes an ever-increasing chunk out of desktop traffic, publishers are left in the dark on how audience behavior is shifting between desktop and mobile.

Even before targeting needs, advertisers require tracking for frequency capping: how does an advertiser know it’s not bombarding the same user with identical creative? Or on the cross-device level, whether they’re shelling the same users with the same spiel across desktop, TV, mobile and tablet? In addition, attribution uses tracking to illuminate the media path a consumer treks down the purchase funnel. With a fledgling channel like mobile, marketers must be able to detect some kind of return on investment to justify future (preferably increased) spend.

But advertisers’ biggest concern after procuring effective creative is hitting target audience. And the granularity of behaviorally targeted advertising in desktop has emboldened advertisers to expect the same level of audience targeting on mobile.

“Mobile inventory is less valuable than desktop because it’s very difficult to build audience in mobile – we simply have no identification layer,” say James Lamberti GM and VP of AdTruth. “We need the ability to speak to advertisers and confidently say, ‘Here is my mobile inventory, here are my heavy travelers, here are males 18 to 25, here luxury brand buyers, etc.'”

Nope, mobile display impressions aren’t worth dirt: Opera’s research from 2012 suggested overall eCPMs for mobile are typically $0.75 compared to $3.50 for desktop ads. eCPMs on iPhones came in at $2.85 while Android eCPMs are at $2.10. MoPub’s Monthly Mobile Advertising Report put the eCPMs on its mobile exchange at $0.81 in April 2013, up from $0.76 in March. Remember when Apple released iAds with a $1 million minimum advertiser spend and initial CPMs valued between $15 and $20?

It gets worse: consider that on a mobile page a publisher can typically offer one impression versus the three to five that (an ethical publisher) can serve on a desktop page. So not only are CPMs much lower, they require more traffic to fulfill. As mobile traffic increasingly cuts into desktop, poaching potential impressions, this is what Zemanta CEO Todd Sawicki refers to as “Mobegeddon.”

Direct sales teams have a rough time with mobile for several reasons; for one thing, it’s not clear the optimal creative path. Some have boldly claimed native is the premier mobile format, but scaling native is particularly difficult due to the time needed in creative development. Quarter-inch, frozen banners are annoying to consumers accidentally clicking on them, but they certainly scale (and arguably get attention).

According to MoPub’s first quarter industry report, MRAID-enhanced units claimed an 80% share of exchange spend, and average CPMs increased from $0.81 to $0.89; non-MRAID-enabled units dropped from $0.62 to $0.53. Also in the report: demand for interstitials has substantially outpaced banners in bid depth and win rate.

Mobile display is a prime space for programmatic: Celtra recently estimated that RTB will have a 30% market share by the end of 2013. Mobile ad networks are giving way to buy- and sell-side platforms in a similar fashion to desktop display’s evolution – only at a much quicker rate. Some DSPs and SSPs are carpetbaggers from the desktop world, but some of them were born and bred for the mobile experience.

“Running one of the worlds largest ad exchanges, we recognized that buyers needed a more effective approach to target their audiences on mobile, and publishers needed a smarter way to accurately price their inventory,” says Jason Fairchild, CRO of OpenX. “Existing approaches to device identification either weren’t fast enough for RTB, or privacy compliant enough.”

However, this market bifurcation still has a ways to go. One publisher compared dealing with unsold mobile inventory on mobile to the desktop situation circa 2007: a laborious and painful process requiring deals with multiple ad networks. Just ponder how many low-quality, obviously backfill in-app ads you’ve seen that have sparked flashbacks to a far messier age of digital advertising. At any given time, this publisher said he’s working with eight to 12 ad networks, testing and certifying to ensure they’re good actors.

In that publishers’ perspective, mobile exchanges are yet to completely venture into the land of real-time optimization and transaction like desktop exchanges. Many exchanges seem to be using past performance to determine the next best impression, which doesn’t always deliver the highest value.

The foundation for a transition away from ad networks to a real-time programmatic ecosystem have been laid, especially with desktop exchanges moving into mobile. Another sign of a shift is ad networks integrating or acquiring mobile RTB technology – for example, major mobile ad network Millennial Media acquired mobile DSP MetaResolver in February to its enhance efforts buying and selling on exchanges. But our old friend audience leaves a big hole in mobile programmatic progress.

“What makes desktop so efficient is that it’s all based on cookies and audience matching,” the publisher said. “With that piece missing, it’s unclear how mobile fulfills that same promise.”

Only a Piece of the Action

Some publishers do have access to an identification layer through registration data. One publisher I talked to, which now sees the vast majority of new membership via mobile, requires consumers to register with personal information. As logged in users roam the apps, ad calls feature intriguing targeting data that is far removed from personally identifiable information (PII). In addition, this publisher noted it is not using registration data as a unique identifier for tracking or targeting – that’s a privacy line the company doesn’t want to cross. Instead it finds other means to segment audiences.

“Something that’s interesting about the mobile side is the specificity of the app,” the publisher said. “On the desktop side we would be much more conservative about sharing that kind of proprietary information.”

What’s in a name? Indeed, sometimes just an app’s title shared in the call can be granular enough to understand the audience – typically because apps provide more functionality than your average website. However, it must be noted that specificity can also be limiting.

Just like on desktop before the proliferation of third-party cookies, content as audience proxy is a popular segmentation method for publishers learning the evolving art of stitching together channel data. Although mobile presents a completely different dynamic, one broadcaster said its actively experimenting porting over desktop and TV information. Broadcasters have the advantage that advertisers know what audiences are going to flock to which shows. If the ratings and digital video metrics suggest 25-to-34-year-old women are watching a particular program, the mobile audience is likely the same.

So perhaps the hard, deterministic data isn’t necessary? Well, it comes back to advertiser expectations and revenue. A publisher mentioned that the majority of their mobile inventory is sold via sponsorship connected to cross-platform direct sales. He admitted there was money being left on the table, as run-of-site display could probably generate more revenue.

But there is a chunk missing to make that inventory truly valuable, at least on a competitive level with desktop – detailed audience data via an identification layer. It’s there for those willing to brave the privacy invasion implications.

Part II will discuss probabilistic device identification technology, the role of device identification in cross-platform marketing and the privacy implications in a world of device IDs. Read it on The Makegood tomorrow.